Wednesday, July 22, 2015
Operator’s Guide to ps, kill, and nice to Manage Processes in Linux
How To View Running Processes in Linux
top
The easiest way to find out what processes are running on your server is to run the top command:
top
top - 15:14:40 up 46 min, 1 user, load average: 0.00, 0.01, 0.05
Tasks: 56 total, 1 running, 55 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1019600k total, 316576k used, 703024k free, 7652k buffers
Swap: 0k total, 0k used, 0k free, 258976k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 24188 2120 1300 S 0.0 0.2 0:00.56 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.07 ksoftirqd/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
7 root RT 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
8 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 cpuset
9 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
The top chunk of information give system statistics, such as system load and the total number of tasks.
You can easily see that there is 1 running process, and 55 processes are sleeping (aka idle/not using CPU resources).
The bottom portion has the running processes and their usage statistics.
htop
An improved version of top, called htop, is available in the repositories. Install it with this command:
sudo apt-get install htop
If we run the htop command, we will see that there is a more user-friendly display:
htop
Mem[||||||||||| 49/995MB] Load average: 0.00 0.03 0.05
CPU[ 0.0%] Tasks: 21, 3 thr; 1 running
Swp[ 0/0MB] Uptime: 00:58:11
PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
1259 root 20 0 25660 1880 1368 R 0.0 0.2 0:00.06 htop
1 root 20 0 24188 2120 1300 S 0.0 0.2 0:00.56 /sbin/init
311 root 20 0 17224 636 440 S 0.0 0.1 0:00.07 upstart-udev-brid
314 root 20 0 21592 1280 760 S 0.0 0.1 0:00.06 /sbin/udevd --dae
389 messagebu 20 0 23808 688 444 S 0.0 0.1 0:00.01 dbus-daemon --sys
407 syslog 20 0 243M 1404 1080 S 0.0 0.1 0:00.02 rsyslogd -c5
408 syslog 20 0 243M 1404 1080 S 0.0 0.1 0:00.00 rsyslogd -c5
409 syslog 20 0 243M 1404 1080 S 0.0 0.1 0:00.00 rsyslogd -c5
406 syslog 20 0 243M 1404 1080 S 0.0 0.1 0:00.04 rsyslogd -c5
553 root 20 0 15180 400 204 S 0.0 0.0 0:00.01 upstart-socket-br
You can learn more about how to use top and htop here.
How To Use ps to List Processes
Both top and htop provide a nice interface to view running processes similar to a graphical task manager.
However, these tools are not always flexible enough to adequately cover all scenarios. A powerful command called ps is often the answer to these problems.
When called without arguments, the output can be a bit lack-lustre:
ps
PID TTY TIME CMD
1017 pts/0 00:00:00 bash
1262 pts/0 00:00:00 ps
This output shows all of the processes associated with the current user and terminal session. This makes sense because we are only running bash and ps with this terminal currently.
To get a more complete picture of the processes on this system, we can run the following:
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 24188 2120 ? Ss 14:28 0:00 /sbin/init
root 2 0.0 0.0 0 0 ? S 14:28 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 14:28 0:00 [ksoftirqd/0]
root 6 0.0 0.0 0 0 ? S 14:28 0:00 [migration/0]
root 7 0.0 0.0 0 0 ? S 14:28 0:00 [watchdog/0]
root 8 0.0 0.0 0 0 ? S< 14:28 0:00 [cpuset]
root 9 0.0 0.0 0 0 ? S< 14:28 0:00 [khelper]
. . .
These options tell ps to show processes owned by all users (regardless of their terminal association) in a user-friendly format.
To see a tree view, where hierarchical relationships are illustrated, we can run the command with these options:
ps axjf
PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
0 2 0 0 ? -1 S 0 0:00 [kthreadd]
2 3 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/0]
2 6 0 0 ? -1 S 0 0:00 \_ [migration/0]
2 7 0 0 ? -1 S 0 0:00 \_ [watchdog/0]
2 8 0 0 ? -1 S< 0 0:00 \_ [cpuset]
2 9 0 0 ? -1 S< 0 0:00 \_ [khelper]
2 10 0 0 ? -1 S 0 0:00 \_ [kdevtmpfs]
2 11 0 0 ? -1 S< 0 0:00 \_ [netns]
. . .
As you can see, the process kthreadd is shown to be a parent of the ksoftirqd/0 process and the others.
A Note About Process IDs
In Linux and Unix-like systems, each process is assigned a process ID, or PID. This is how the operating system identifies and keeps track of processes.
A quick way of getting the PID of a process is with the pgrep command:
pgrep bash
1017
This will simply query the process ID and return it.
The first process spawned at boot, called init, is given the PID of "1".
pgrep init
1
This process is then responsible for spawning every other process on the system. The later processes are given larger PID numbers.
A process's parent is the process that was responsible for spawning it. If a process's parent is killed, then the child processes also die. The parent process's PID is referred to as the PPID.
You can see PID and PPID in the column headers in many process management applications, includingtop, htop and ps.
Any communication between the user and the operating system about processes involves translating between process names and PIDs at some point during the operation. This is why utilities tell you the PID.
How To Send Processes Signals in Linux
All processes in Linux respond to signals. Signals are an os-level way of telling programs to terminate or modify their behaviour.
How To Send Processes Signals by PID
The most common way of passing signals to a program is with the kill command.
As you might expect, the default functionality of this utility is to attempt to kill a process:
kill PID_of_target_process
This sends the TERM signal to the process. The TERM signal tells the process to please terminate. This allows the program to perform clean-up operations and exit smoothly.
If the program is misbehaving and does not exit when given the TERM signal, we can escalate the signal by passing the KILL signal:
kill -KILL PID_of_target_process
This is a special signal that is not sent to the program.
Instead, it is given to the operating system kernel, which shuts down the process. This is used to bypass programs that ignore the signals sent to them.
Each signal has an associated number that can be passed instead of the name. For instance, You can pass "-15" instead of "-TERM", and "-9" instead of "-KILL".
How To Use Signals For Other Purposes
Signals are not only used to shut down programs. They can also be used to perform other actions.
For instance, many daemons will restart when they are given the HUP, or hang-up signal. Apache is one program that operates like this.
sudo kill -HUP pid_of_apache
The above command will cause Apache to reload its configuration file and resume serving content.
You can list all of the signals that are possible to send with kill by typing:
kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
. . .
How To Send Processes Signals by Name
Although the conventional way of sending signals is through the use of PIDs, there are also methods of doing this with regular process names.
The pkill command works in almost exactly the same way as kill, but it operates on a process name instead:
pkill -9 ping
The above command is the equivalent of:
kill -9 `pgrep ping`
If you would like to send a signal to every instance of a certain process, you can use the killallcommand:
killall firefox
The above command will send the TERM signal to every instance of firefox running on the computer.
How To Adjust Process Priorities
Often, you will want to adjust which processes are given priority in a server environment.
Some processes might be considered mission critical for your situation, while others may be executed whenever there might be leftover resources.
Linux controls priority through a value called niceness.
High priority tasks are considered less nice, because they don't share resources as well. Low priority processes, on the other hand, are nice because they insist on only taking minimal resources.
When we ran top at the beginning of the article, there was a column marked "NI". This is the nice value of the process:
top
Tasks: 56 total, 1 running, 55 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.3%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1019600k total, 324496k used, 695104k free, 8512k buffers
Swap: 0k total, 0k used, 0k free, 264812k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1635 root 20 0 17300 1200 920 R 0.3 0.1 0:00.01 top
1 root 20 0 24188 2120 1300 S 0.0 0.2 0:00.56 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.11 ksoftirqd/0
Nice values can range between "-19/-20" (highest priority) and "19/20" (lowest priority) depending on the system.
To run a program with a certain nice value, we can use the nice command:
nice -n 15 command_to_execute
This only works when beginning a new program.
To alter the nice value of a program that is already executing, we use a tool called renice:
renice 0 PID_to_prioritize
Note: While nice operates with a command name by necessity, renice operates by calling the process PID
My ANONYMOUS Surf Solution
This is how I achieve anonymity online while applying a local layer of security.Please note these instructions are not a tutorial or how to guide.
What you will need:
Hardware:
16GB USB thumb drive. The smaller the better. The Scandisk Cruzer is smaller than a thumbnail.
Laptop or desktop machine. This can be an older machine and it will work just fine.Here's the one I'm currently utilizing.
Yeah, missing keys and everything. :)
Software:
Tails
Unetbootin
Service:
Internet connection
STEPS:
1. Download Tails ISO and Unetbootin :
Tails > https://tails.boum.org/download/index.en.html
Unetbootin > http://unetbootin.sourceforge.net/
2. Use unetbootin to create boot disk with tails OS and your USB drive. The unetbootin page has pretty good instructions on how to do this, the step above contains the link.
3. Remove hdd from laptop or machine to be utilized for anonymous access to the web.
4. Boot into tails OS
5. Select forward to proceed with login or configure root pwd.
7. Establish VPN internet connection through your preferred VPN tunnel. (optional)
8. Establish TOR internet connection and ONLY use tor browser (world icon located on desktop toolbar).
9. When the TOR browser connects it will prompt you. Only use when it has properly connected.
10. Look up YouTube Videos on how to do the above steps for details. Have fun and don't get caught doing dumb shit , this is for learning and shit.lol
Oh, and if none of this makes sense you don't need to be doing anything online that requires a high level of security on your own. Please seek the help of a professional before applying any of the techniques described in this document.
Notes:
This can be achieved without the use of TAILS OS. A solid understanding of VPN and TOR is all that is necessary. However, for a higher level of security, another layer per-Se, it is recommended to run your OS off live CD USB. I recommend it to be small in case you have to eat it, smash it, insert it inside an animal, a body cavity etc..
You should also consider destroying any incriminating evidence from media removed from machine(s) or ensure the volume and containers thereof are encrypted. I hear hard drives make cool clocks and stuff.
Consider renting space on an offshore server and configuring a VPN server solution. I use openvpn client which is free. My rental fee is $5.00 per mo with the offshore vpn service I rent from.
Always ensure the host you're renting with does not keep or hand over logs to authorities if audited.
To achieve an extra layer of anonymity, it is highly recommended that all communications are issued from an IP address originating outside of your current location or home address, town, city , state. etc. This is probably the most important point to remember.
Advantages of managing your VPN solution.
The originating IP address is known by the vpn access server, if you are in control of said server, you can control logs, connection of client (block) if necessary.
With a vpn solution, secure connections from mobile devices can be achieved. These can also be stacked with the TOR browser client.
Subscribe to:
Posts (Atom)